Cisco is a long-time front-runner in developing cutting-edge firewalls for the widest possible variety of environments. Cisco's Firepower Next Generation Firewalls represent an advanced firewall platform that marshals sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, discover, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE firewall consultants can assist your organization to plan and execute a smooth migration to Cisco Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's cloud-based services to build and centrally manage network environments that include branch offices, data centers, private clouds and public clouds. Progent's firewall consultants can also help you to manage and debug legacy Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation driven by industry best practices so you can establish a consistent cybersecurity posture across all your networked devices at any location.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance boost compared to Cisco's popular ASA 5500-X firewalls and offer centralized management and automation of advanced security capabilities like application visibility, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, distributed denial of service (DDoS) mitigation, and sandboxing. For more information about Cisco's Firepower family of Next Generation Firewalls (NGFWs), visit Cisco Firepower firewalls integration expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances offer integrated firewall, VPN, and intrusion prevention system (IPS) capabilities in compact single-box devices, delivering a broad range of features to match the security and compliance needs of companies from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances enable IT security teams to protect their network perimeter and provide secure offsite and mobile access while utilizing advanced management mechanisms based on Cisco's world-class firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewall appliances have reached end-of-life (EOL) but are still commonly deployed in smaller businesses and in some enterprise networks. Cisco’s ASA 5500-X Series Next-Generation Firewalls represent significantly more value and have superseded the ASA 5500 and PIX families of firewalls for new deployments. Still, Cisco's legacy firewalls, if carefully managed, continue to deliver a high level of security by providing multiple features such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's acquisition of Sourcefire, the entire family of Cisco ASA 5500-X devices can be configured to support Firepower Services, built on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system. Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-certified infrastructure engineers can help you to maintain and debug older ASA 5500 and PIX 500 firewall appliances and can also help you to plan and carry out a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, configure, tune, administer and debug new firewall ecosystems based on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also help your organization to migrate from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X security appliances includes an improved substitute for each rack-mountable unit in the older ASA 5500 series of firewalls. Each ASA 5500-X model is suited for the same environment as the associated earlier models, which gives small and midsize businesses ample room for selecting a solution that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful protection services. All models in Cisco's ASA 5500-X product line deliver consistent protection across any combination of physical, virtual, and cloud environments.
For more information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X security appliances, go to Firepower integration and debugging expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with either software or hardware modules that support Firepower Services, which offer layered defense against sophisticated attacks. Cisco's Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA security appliances include:
- Multi-layer defense against both familiar and zero-day attacks
- Advanced Malware Protection that utilizes big data techniques to find and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers users, network infrastructure, software applications, and content to detect attacks that incorporate simultaneous approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch standard and customized IPS policies depending on the degree of risk
Firepower Services for Cisco ASA 5500-X firewalls offer multi-layered security
Smaller implementations of ASA 5500-X firewalls can be efficiently managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X versions. ASDM includes a convenient web console for deploying, managing, and troubleshooting ASA 5500-X appliances and modules.
For more complex environments, ASA 5500-X appliances with Firepower can be managed using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewalls
Firepower Management Center provides capabilities unavailable with Cisco's on-device Adaptive Security Device Manager tool. Additional features include greater context awareness, Advanced Malware Protection with remediation for client devices, a console that provides dynamic network infrastructure visualization, automated policy optimization based on impact assessment of threats, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using either the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls leverage technology behind the PIX 500 family firewall, Cisco's IPS 4200 family sensor, and the VPN 3000 model concentrator. These solutions converge on the Cisco ASA Firewall product line to deliver a platform that defends against the broadest range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, local containment and control, and clean Virtual Private Network connectivity throughout the entire product portfolio. This breadth of security allows the guarding of any network area, which includes the most common attack vectors like remote sites, locally-connected inside users, and remote connected Virtual Private Networks.
The scalable design of the Cisco ASA 5500 family enables you to add security services by installing security service modules and security service cards. These user-installable options give you the ability to add IPS and content protection services such as filtering virus, worms, and phishing attacks and executing data and web filtering. In addition to enabling your IT staff to respond rapidly to the latest threat environments, the expandable design of the ASA 5500 family also leverages your hardware investment by prolonging the useful life of your security appliances. The Cisco ASA 5500 family also protects your investment in administrative team education by utilizing the rich library of PIX security management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface (CLI) availability, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances firewalls provide a high-level of application security through smart, application-sensitive inspection processes that examine traffic at Layers 4-7. This produces a better protected environment covering Web, voice, and mobile wireless access. To defend networks against application-layer assaults and to provide better control over the programs and protocols utilized in their networks, these inspection engines integrate extensive application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly sensing and state monitoring. Also incorporated are attack sensing and mitigation technology including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, allowing businesses to police usage policies and preserve bandwidth for vital business processes.
For more information about Progent's support services for Cisco's ASA 5500 firewalls, see ASA 5500 firewalls integration and debugging support.
PIX Security Appliance Series
Built upon a tested, specialized operating system that offers rich protection services, Cisco PIX firewall appliances offer a high level of protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX firewalls provide protection for a broad array of VoIP and additional mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a broad array of current and upcoming IP voice and mixed-media applications.
Cisco PIX firewall appliances feature a variety of configuration, tracking, and troubleshooting options, providing IT managers the versatility to use the methods that most closely match their requirements. Management options include common, policy-based management utilities, integrated web-accessible administration, and compatibility with remote-tracking standards such as SNMP and syslog. The integrated ASDM system provides a world-class Web-accessible control platform that significantly streamlines the deployment, ongoing configuration, and tracking of a specific PIX security appliance without the need of any extra utility other than an ordinary browser and Java plug-in to be running on a manager's computer.
IT managers can also remotely configure, monitor, and troubleshoot Cisco PIX firewall appliances via a command-line interface. Safe command-line interface communication is available through several methods including SSHv2 Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewall appliances also have dependable automatic-update capabilities, a collection of revolutionary secure remote-management services that make sure that firewall settings and software images are kept current.
For more information about Progent's support services for Cisco PIX security appliances, see PIX 500 firewalls configuration and troubleshooting services.
Progent's Migration Support for Cisco Firewalls
Since Cisco has discontinued selling the PIX 500 and ASA 5500 product lines, many companies are concerned about relying on a key security mechanism that might no longer be supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances have the advantage of being new products and also bring a number of functions and budgetary benefits in comparison to PIX devices. These advantages include substantially higher throughput, optional SSL VPN capability, and an expandable design that guards your investment by allowing you to self-install new security features whenever you require them. Progent's Cisco network engineers can assist your company to assess the strategic case for migrating from PIX 500 or ASA 5500 firewalls, create a migration process that allows for a quick and non-disruptive upgrade, help your IT staff to install new ASA 5500-x or Firepower Series appliances, and provide online, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX family firewalls provide a wealth of configuration, monitoring, and troubleshooting options that offer you the ability to configure these security appliances to match your business requirements. Progent's CCIE authorized network experts can show you how to configure and support an efficient infrastructure that includes Cisco firewall technology and that offers world-class protection, resilience, performance, and recoverability. Progent's CISA and CISM-premier IS security professionals can help you to develop a security strategy appropriate for your business and can configure your firewall to enforce your security policies. Progent's security evaluation engineers can assess the strength of your current firewall deployment and validate the overall security of your whole IS network. Progent’s Help Desk support team can provide urgent remote technical support for Cisco products and offer quick access to a Cisco CCIE network engineer.
For additional details concerning Progent's engineering expertise for Cisco technology, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about engineering assistance for Cisco products, call 1-800-993-9400 or visit Contact Progent.